Set up Cloudera Impala

Who can do this?

You will probably need your Cloudera Impala instance administrator to complete these steps — you may not have access yourself.

This guide provides step-by-step instructions to configure user access and grant the required permissions in Cloudera Impala so that Atlan can crawl metadata.

Create user

Create a user in your LDAP system for Atlan to authenticate with Impala. You can use identity providers like OpenLDAP, Active Directory, or any other service your organization uses to create this user.
Based on the authorization service your organization uses with Impala, sync the created user with either Ranger or Sentry.
- For Ranger, follow the Ranger Authentication and User Sync documentation.
- For Sentry, refer to the Sentry Overview documentation.
Connect to Impala using the admin user from either Ranger or Sentry to manage permissions.

Grant permissions to assets

There are three ways in which you can grant permissions to assets, depending on your requirements for crawling assets.

Who can do this?

The Impala or Ranger administrator likely needs to complete these steps, as you may not have the required access.

Grant permission to crawl schema

To provide the SELECT privilege for the entire schema, run the following command:
```
GRANT SELECT ON SCHEMA <schema_name> TO USER <atlan-user>;
```
- Repeat the above command for each schema you want to crawl.

Grant permission to crawl specific tables

To grant access to a specific table, run the following command:
```
GRANT SELECT ON TABLE <table_name> TO USER <atlan-user>;
```
- Replace <table_name> with the name of the table.

Grant permission to crawl specific columns

To grant column-level access, use the following command:
```
GRANT SELECT(column1, column2) ON TABLE <table_name> TO USER <atlan-user>;
```
- Replace column1, column2 with the relevant column names.
- Replace <table_name> the relevant table name.

(Optional) Grant permission to calculate specific attributes

Run the following SQL commands:

GRANT ALTER ON TABLE <table_name> TO USER <atlan-user>;

GRANT SELECT ON TABLE <table_name> TO USER <atlan-user>;

Replace <table_name> with the name of the table.

These permissions are needed to calculate attributes like rowCount and sizeBytes for the tables.

Create user​

Grant permissions to assets​

Grant permission to crawl schema​

Grant permission to crawl specific tables​

Grant permission to crawl specific columns​

(Optional) Grant permission to calculate specific attributes​